CVE-2014-7286 – Symantec Altiris Agent 6.9 (Build 648) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-7286
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. Desbordamiento de buffer en AClient en Symantec Deployment Solution 6.9 y anteriores en Windows XP y Server 2003 permite a usuarios locales obtener privilegios a través de vectores sin especificar. • https://www.exploit-db.com/exploits/35964 http://www.securityfocus.com/bid/71727 http://www.securitytracker.com/id/1031421 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141219_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-3874
https://notcve.org/view.php?id=CVE-2007-3874
Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el demonio tftp/mftp en el componente del servidor PXE (pxemtftp.exe) en Symantec Altiris Deployment Solution 6.x anterior a 6.8.380.0 permite a atacantes remotos leer archivos de su elección a través de vectores no especificados. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=619 http://secunia.com/advisories/27412 http://www.securityfocus.com/bid/26266 http://www.securitytracker.com/id?1018875 http://www.symantec.com/avcenter/security/Content/2007.10.31.html http://www.vupen.com/english/advisories/2007/3673 https://exchange.xforce.ibmcloud.com/vulnerabilities/38178 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2005-1590 – Altiris Deployment Solution 5.6 - Client Service Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-1590
The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070. • https://www.exploit-db.com/exploits/24754 http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html http://secunia.com/advisories/15159 http://www.osvdb.org/15897 •